We have all been there. The user calls in about a forgotten password and is now locked out of the domain. Password-related problems represent a large portion of daily support work and are an obvious task to automate and speed up.
Let’s identify some steps that may be needed to reset the password for a known Active Directory user in your organization or customer base. One or more should apply to your current situation.
– Does it include logging on to the Active Directory server with RDP, opening AD Users & Computers and looking for the user?
– If you are a Managed Service Provider and the server is at the customer location, does it also include opening a third-party remote control session?
– Do you know the credentials for the local or remote machine to be used for the task?
– Do you have to ask someone else or look in any documentation for credentials?
– Do you have the remote tools or infrastructure available on your machine before doing the remote control?
– Can you report upon the number of password resets last week or last month on one or many domains?
If you add up the time and tasks needed for just one password-related support issue, you will soon realize it is time consuming. Very time consuming. And to make it even worse, how do you quantify, qualify and track all the changes done?
The latest Upstream Kaseya Power Pack includes several Kaseya Agent Procedures for managing Active Directory users: resetting passwords, creating users and adding group memberships. In this blog post we will show you how to reset the password of a known Active Directory user directly from the Quickview in Kaseya LiveConnect. Follow the steps below to set it up.
First of all, we use the NET USER command in this example. There are tons of ways to do password resets. VBScript, PowerShell and various command line tools are all good. With Kaseya you can use any command line tool you prefer and are familiar with. NET USER is an often forgotten but very useful command line tool included in all versions of Windows Server 2003, 2008 and 2012. The goal of Upstream Kaseya Power Pack is not to give you production-ready solutions (even though you can use most of the Agent Procedures right out of the box) but rather inspiration and education. Take time to look at the Agent Procedures and you will see that we document heavily in all of our examples. Read more about the NET USER command here.
1. Let’s start with the basics. Download the Upstream Kaseya Power Pack. Unzip and import the Agent Procedures XML file from System, Import Center in Kaseya. You should end up with the folder ”Upstream Power Pack (DATE)” in your shared Agent Procedures.
2. The Agent Procedure we are going to use is called ”Sys Mgmnt – Windows – AD – Reset Existing User Password”. The very long name of this Agent Procedure is part of our educational naming standard in the Upstream Kaseya Power Pack and is not always a perfect fit for a production name. Why not edit the Agent Procedure, save it as ”Reset AD User Password” and put it in your own specified production folder? Truth is, we always suggest that you save the Agent Procedures in Upstream Kaseya Power Pack as ”your own” before using them in production.
3. If you hover over any existing Kaseya Agent (green, blue, grey or yellow) you will get the Quickview displayed. One cool part of the Quickview is the ”Run Procedure Now” section. Here you can add a list of Agent Procedures to be run instantly. This is why a shorter name for the Agent Procedure is useful. Add ”Reset AD User Password” by pressing the green add button. Leave the ”Ask before executing” option unchecked. More on why later on.
4. Be sure to run the procedure on a Domain Controller. Kaseya uses the local system account when executing the Agent Procedure. You can see in the image above that our server is a (DC) of the Stockholm domain in the ”Domain/Workgroup” field. You can of course create a View showing only Domain Controllers if you have a lot of machines. When you execute ”Reset AD User Password” you will be prompted with the box below. It’s very important that you uncheck the ”Ask before executing” option mentioned above, otherwise you will not get the box. Enter the logon name and the new password. You can see the password in plain text at this moment, but the procedure will force the user to set a new password at the first logon attempt. Look at lines 8 to 10 in the Agent Procedure to see how it’s done.
6. You will get the audit information you need to follow up on the task ”reset user password”: the user name, the Kaseya admin name (you) and whether it succeeded or not. Use this information to create reports both internally in the team and externally to your customers.
8. The Procedure Log will indicate what the problem is. The NET GROUP error message would not get piped to a text file (for security reasons maybe), therefore we alert on a blank result file instead. At least you have two options to investigate: wrong logon name or not a Domain Controller.
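The reset, forced password change and audit record from the steps above, as an added PowerShell example that is not the Power Pack's own Agent Procedure. The function name, the audit log path and the logon-name allow-list are assumptions of this example; it also captures the error stream, because net.exe writes its error text to stderr and a plain `>` redirect leaves the result file empty.

```powershell
# Added example, not the Power Pack's Agent Procedure.
# Assumes it runs on a Domain Controller under an account that is allowed
# to reset passwords (the Kaseya agent runs as Local System).
function Reset-KnownAdUserPassword {                          # hypothetical name
    param(
        [Parameter(Mandatory)][string]$LogonName,
        [Parameter(Mandatory)][string]$NewPassword,
        [string]$Operator = $env:USERNAME,                    # who requested the reset
        [string]$AuditLog = 'C:\Temp\ad-password-resets.csv'  # hypothetical path
    )

    # Conservative allow-list (an assumption of this example): a plain logon
    # name of at most 20 characters, so operator input cannot smuggle extra
    # switches or shell metacharacters into the command line.
    if ($LogonName -notmatch '^[A-Za-z0-9._-]{1,20}$') {
        throw "Refusing logon name '$LogonName'"
    }

    # /logonpasswordchg:yes forces the user to pick a new password at next logon.
    # 2>&1 merges stderr into the captured output so the failure reason is kept;
    # "$_" turns the wrapped error records back into plain message text.
    $lines = & net.exe user $LogonName $NewPassword /logonpasswordchg:yes 2>&1 |
        ForEach-Object { "$_" }
    $success = ($LASTEXITCODE -eq 0)

    # Audit record: who was reset, by whom, and the outcome. The password
    # itself is never written to the log.
    [pscustomobject]@{
        Timestamp = (Get-Date).ToString('s')
        User      = $LogonName
        Operator  = $Operator
        Success   = $success
        Message   = (($lines -join ' ').Trim())
    } | Export-Csv -Path $AuditLog -Append -NoTypeInformation

    return $success
}

# Example call (constructed values):
# Reset-KnownAdUserPassword -LogonName 'jdoe' -NewPassword 'Temp-Passw0rd!' -Operator 'helpdesk1'
```

The temporary password is passed on the net.exe command line, so it will appear in process-creation events (Event ID 4688) wherever command-line auditing is enabled. Treat it as single-use and rely on the forced change at next logon.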
We hope this tutorial can help you in the daily tasks supporting your end users. Be sure to keep looking for more posts regarding managing Active Directory users with Kaseya in the future.
The Upstream Tech Team